These are currently only used inside this package, so we might
as well un-export them until we need them elsewhere.
Also updated SetOOMScore() to first check for privileged; check for privileged
looks to be the "faster" path, and checking it first could (in case of non-
privileged) save having to read and parse /proc/self/uid_map.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `(dockerPusher).Push` method uses a `StatusTracker` to check if an
upload already happened, before repeating the upload. However, there is
no provision for failure handling. If a PUT request returns an error,
the `StatusTracker` will still see the upload as if it happened
successfully. Add a status boolean so that only successful uploads
short-circuit `Push`.
Signed-off-by: Aaron Lehmann <alehmann@netflix.com>
cri-tools is hardcoded to use images which are broken
within their registry. Disable the tests to unblock
CI until fixed.
Signed-off-by: Derek McGowan <derek@mcg.dev>
This allows a pusher to be used for more than one tag without creating a
new resolver/pusher. The current implementation checks the ref key
tracker status based on type and hash and will skip the push even if the
repository reference is unique.
Signed-off-by: Phil Estes <estesp@amazon.com>
Currently, `image.GetDiffID` cannot calculate DiffID of zstd layers because it
directly uses `compress/gzip` decompressor.
This commit fixes this issue by using the generic decompressor.
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
Having this log should not be critical, and removing it allows
using this package without pulling in the explicit dependency
on k8s.io/klog.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When integration tests are run under nested VM (for SELinux, Cgroupsv2
testing) they are regularly starting to push past 10 minutes, causing
`go test` to fatally kill the test run (default timeout is 10m).
Signed-off-by: Phil Estes <estesp@amazon.com>
set user in exec container
$ ctr t exec --exec-id e1 --user admin container id
uid=500(admin) gid=500(admin) groups=500(admin)
Signed-off-by: chuangxue <chenglong.lcl@alibaba-inc.com>
Signed-off-by: acetang <aceapril@126.com>
Though we don't officially support Apple platform, we should
at least run unit tests to make sure things are not broken.
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
This ensures that we do not trigger assertions inside HCS by tring to
call hcsshim.DestroyLayer on the parent of a currently-activated layer.
It also deactivates the layers before deletion, to ensure we trigger or
avert file-in-use failures due to leftover state from the tests with
more detail than 'destroy failed'.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
